This post has been updated to take out some points that were misunderstood by me and have been clarified and another issue which appears to be resolved.
Okay, I'm spooked. I don't understand this enough to even claim something is wrong. This is the most bizarre "email situation" I have ever seen.
It began with the government giving the address firstname.lastname@example.org as the email address for citizens to send tip offs to the government about people who have black money. Leaving the Nazi like technique aside, I was puzzled by the address, as the Indian Income Tax Department's website is incometaxindia.gov.in
So I tried to find the website this email that the government provided belongs to. It doesn't exist. Okaaay. Does the domain exist? It does. And it seems to be registered to the income tax department as well. So far, so good.
Got a brainwave. If it was a server configured only for email, it wouldn't be seen by looking up domain, which looks at website address on port 80. So I did an MX lookup (that would be specifically for email server). Bingo! There it was, configuration errors and warnings and all, hosted on a subdomain pdcsmtp02.incometax.gov.in - which apparently is blacklisted for SPAM!!! The IP address for this is 184.108.40.206 (more on this later) and the reverse IP address does not match. It is for mail.incometaxindia.gov.in!!! Which seems to be blacklisted on FIVE spam lists? So the replies to the email will either not be received by people, or they will be received. It is unclear what has got the domains a spam status. The reasons could range from a relatively benign misuse of official address by a few employees to the server being compromised and used to send spam to even worse, the server being infected and emails could be infected too (spam is often the vector for malware, which is why you never click links in it, remember?)
Anyway, spam or not, whatever it was, I thought I'd found the holy grail. I tried going to the subdomain pdcsmtp02.incometax.gov.in. Page never stopped loading. It is still loading as I write this article. I have no idea what is on the other side. This is like a sarkari Darknet site.
I tried pinging it. Nothing. Depending on tool used, DNS service returns "domain not found" "name or service not found" etc.
On a relatively unrelated note, the IP address the Income Tax Department mail server is on, is hosted at DIT Jhandewalan and managed by a Mr. Simanchal Dash using his personal email address on yahoo and uses a Bharti Airtel network. Mr Simanchal Dash is personal secretary to Finance Minister Arun Jaitley. A server is important and official property. It is unclear why the secretary of the Finance Minister controls the server for the income tax department using a private yahoo account, and not an official government email or, for that matter why the government needs to buy network connections from Airtel.
Just two days ago, we were laughing our heads off at "wget" jokes because the prosecutor in Bradley Manning's trial asked him about using the Linux command "wget" as though it were a dangerous hacking tool, when in reality it is a fairly routine command used to get files. To a world ignorant about what it means, the method of asking itself would convey implications that it was a crime. An offline legal process ignorant about computer terminology.
Today, we saw worse. A fairly bizarre show by Rahul Kanwal on Headlines Today saw Somnath Bharti accused of things that make no sense if you look at the evidence on hand. The show makes several allegations about Somnath Bharti which are highly exaggerated and rather reckless to say about an MLA on National TV. Fact checking some of the stuff.
Somnath Bharti was world's worst spammer
To the best of my knowledge, this is an outright lie. The ROSKO (Register Of Known Spamming Operators) is a list of "hardcore spam-gangs" maintained by Spamhaus and lists spammers who have been banned by 3 or more ISPs. In 2005, the top 200 of this list had 3 Indian spammers. One of those Indian spammers was Somnath Bharti. This is not a compliment. However, I have found no source for him being the "worlds worst spammer". As far as I know, the title given to the program is a lie.
Kejriwal demanded proof, so it was hunted down and interpreted creatively enough to somehow support a demand for action
Rahul Kanwal begins his show with a bizarre justification. Kejriwal wanted proof to act against his ministers, so Rahul Kanwal has found him proof. Considering the amount of effort that went into digging a decade old story, it is fairly clear that this is a character assassination quest rather than anything remotely resembling news. While Headlines Today is free to broadcast what they like, I am going to take this as a deliberate mud finding and slinging expedition. Particularly since it deals with a case that is a decade old, and proves zero, but goes out of its way to imply that a certain MLA of a certain party trades in porn - in particular this is significant, because there is exactly zero evidence of Somnath Bharti's involvement with porn.
Somnath Bharti sold porn domains?
Now Somnath Bharti appearing in a "top spammers" list is a little suspicious by itself. The stated "rules" for putting someone on that list is a "three strikes" kind of thing, where three ISPs have to ban the operation for spamming before it goes on the ROKSO list. However, as Conrad Longmore, the person who "exposed" Somnath Bharti himself puts it, it was him pointing out Somnath Bharti's association with Topsites that was enough to get him into the list. It is unclear what three ISPs banned Somnath Bharti for him to qualify, but Spamhaus is fairly aggressive on that front, and supporters of spammers go on their block list as well or Topsites may have got kicked by three ISPs while Somnath Bharti was associated with it. So you don't have to spam, even if you tolerate spam, you're it. That wouldn't get Somnath Bharti on the ROKSO list, but I'm assuming Topsites must have been on the ROKSO list at that point, since at no point does Conrad Longmore actually expose anything related with spamming.
Additionally, while Spamhaus is a well recognized anti-spam service, it has no authority in terms of law enforcement. At best it flags spammers very well. This can be appealed against, but there is no neutral body accepting or rejecting appeals, and the word of Spamhaus is all it takes for your name to be kept on or taken off the lists. That said, Somnath Bharti is not currently on any list there.
Conrad Longmore's expose was of a business directory scam, which would involve getting people to pay for a listing in a directory, emails for which, I assume would go to official emails for websites provided for contacting - as opposed to unsolicited mass emails on random accounts - considering that the scammers are trying to deliver an invoice to get paid. Scam, yes if the listings purchased were not delivered. Spam? Unclear.
Somnath Bharti has consistently denied involvement with TopsitesLLC, including in 2004 itself, when his denial got added to the expose listing him. It is now 2014. He is still denying it, in spite of his visiting card being published there 10 years ago. So either he is stupid or there is more to the story than it seems. And there is a bit of a grey area, where Somnath Bharti is clearly involved, to whatever extent. My guess would be a flunky conned into buying into the business or becoming a front for it. That TopsitesLLC existed well before they "picked up" Somnath Bharti is fairly clear from Conrad Longmore's work. That Somnath Bharti was included in the trial when Dan Balsam sued Topsites for spam is clear as well from court records quoted in PCquest
"Directories LLC, Topsites, LLC, Paperless Mail, Inc. Paul Aunger, Somnath Bharti and David Nale have agreed to use only confirmed opt-in e-mail addresses when sending commercial messages and have further agreed to pay Plaintiff Five Thousand Dollars ($5,000) in damages."
What is not clear is the level of Somnath Bharti's involvement in the spamming. Somnath Bharti said the settlement was easier than the cost of fighting a lawsuit in the United States, which is logical. Dan Balsam is an anti-spam activist who makes a full living out of court settlements from suing spammers. So, it also may not have seemed legally viable (my guess). Conrad Longmore himself is unclear on how much of the profits went to Somnath Bharti.
As for Rahul Kanwal showing registration records, it doesn't mean anything. As a test case, I have registered kapat.in (which will contain exposes that will make the government furious, one day) in Rahul Kanwal's name, deliberately making it clear that it is a test case. If I knew his contact info, I could plug it in there, and he'd never know he owned a domain. So, if Somnath Bharti is saying for 10 years that he isn't involved, it doesn't seem all that bright to take registration records and substitute them for his answer, unless Rahul Kanwal wants to answer for what I put on "his" website, right?
If it is a noted spammer serial registering disposable domains to discard when they get banned, why wouldn't they put names of random people they picked up or even use that "ownership of internet property" as a flattering selling point to hook people? You really think the owner of an operation will hand over ownership of operations and internet property to the new chap he picks up? You clearly have a lot to learn about the internet and "proof".
The crux of the issue really is:
By TopSites LLC's own admission, they were turning in $1.8 million a year by 2005. How much of that money made its way to Mr Bharti is a mystery. And quite how Mr Bharti reconciles his questionable past business practices with his membership of an anti-corruption political party is also a mystery.
If Somnath Bharti was taking in a share of a profit of 1.8 million in another country, that would show up as a paper trail unless Rahul Kanwal also imagines illegal channels of transferring funds. A random comment by a supporter indicates that his income tax returns don't show any such income. Rahul Kanwal doesn't show a shred of proof that any money came Somnath Bharti's way. Somnath Bharti himself is claiming identity theft.
"Back in early 2000, server of Madgen Solutions Pvt Ltd was entrusted with an associate by me who misused it without my consent/knowledge. When the matter cropped up, I came to know that the said associate had generated mass emails soliciting business and had also impersonated me on multiple occasions. On exploring I found out that the emails generated were for a legitimate business, originating from a valid traceable IP address and in proper compliance with the laws applicable in the US, ie CANSPAM Act, then... hence this breach of trust between me and this associate of mine was not pursued in a court of law."
I detour to disagree with Conrad's new analysis of guilt and "fingerprints all over", etc and don't think it refutes Somnath Bharti's claim. If the claim is of identity theft, it makes sense that the identity was used everywhere. Hardly likely that the real scammer will expose his own identity if "Somnath Bharti" is what he uses. Also, if this is a person with admin access to the server, he can pretty much do what he wants with it as admin, including putting the topsites briefly on Somnath Bharti's page. It would be phenomenal gullibility, but this is also ten years earlier.
As of this moment, I have access to the administration of six websites that have nothing to do with me. Simply login details given to me when I helped someone over the years and people aren't all that careful with changing passwords. You think if I were inclined toward doing any dubious dealings using them, I'd use my own name to be exposed?
My point is not that Somnath Bharti is innocent. It simply is that whether innocent or guilty, 1. he is responsible for what goes out from his server and 2. he has an explanation that sounds possible, though not probable. 3. I do not believe Conrad is a neutral party on this issue anymore. Not defending 10 year old work that suddenly gets slashdotted into orbit. I don't imagine anyone is going to go "Oh, his explanation makes sense and you probably should ignore my work" - he may not be wrong, but his follow up story assumes that he continues to occupy an investigative space on the Somnath Bharti issue, which I don't buy and I also don't see in his work this year. For example: "Now, I'm not an expert in Indian law (and detractors of Mr Bharti say that he isn't either) " ad hominem is a space his earlier work doesn't occupy.
[inlinetweet prefix="" tweeter="@RahulKanwal" suffix="null"]There is evidence to prove that Somnath Bharti has been selling domains to porn websites. ~ Rahul Kanwal[/inlinetweet]
It is further seen from his presenting Somnath Bharti's links to porn sites, which Rahul Kanwal picked up and blasted onto National Television. Here's the deal. The Topsites were basically scraper sites of DMOZ - they duplicated content found on dmoz.org and the teenage-porn listing that got copied probably came from a page that got later taken down. I am sure there would be other "objectionable" listings.
[inlinetweet prefix="" tweeter="@MadhuKishwar" suffix=""]Even if pornography were legal in India, it is hardly a respectable way of earning a living. ~ Madhu Kishwar[/inlinetweet]
This is akin to blaming Google for its search results. You can find something objectionable and ask for it to be taken out manually, but to say Google showing listings for porn means the CEO of Google has porn links... is stretching the imagination. Now I am even less of a legal expert, but the well hated IT Rules in India would consider him an intermediary who gets a free pass as long as he takes down the objectionable content, etc etc. Because not even our law makers are that foolish.
[inlinetweet prefix="" tweeter="@_AamJanata" suffix=""]Woh saari baatein vastavikta hain, jaisa paper dikhta hain, waise hi hain. ~ Vinod Kumar Binny[/inlinetweet]
Vinod Kumar Binny speaks like some kind of an Aam Aadmi Party expert and claims that what the papers say is correct. This basically means he is an authority with enough knowledge to confirm the allegations. Vinod Kumar Binny needs to explain why if he thought a guy on his team dealt in porn websites, why didn't he speak up. Why didn't he speak up even after going on random rants against AAP. What is his authority and knowledge to confirm Rahul Kanwal's allegations?
Prasanto Roy believes that Somnath Bharti is a scammer. But he makes no mention of who got scammed. The supposed scam is described by Conrad Longmore, who himself writes that no case has been filed against Somnath Bharti or Topsites for it. His original expose itself says that Topsites does issue refunds if pressed. Prasanto makes it appear that the data is acquired, implying that he has no real right to it, but the Open Directory Project data is free for anyone to use. It is publicly available for reuse. So here we have a digital journalist who appears to have a grudge about commercial reuse of open content?
As for contacting people and asking them to pay for listings, I hope Prasanto has heard of "Just Dial", because God knows I've got enough calls from them trying to sell me a listing. He means the owner of Just Dial is not respectable enough for a political party? And his opinion matters, why?
That said, past gullibility is no answer, and if there is criminal or other responsibility that must be assigned, then Somnath Bharti should either expose the person who did it, or bear the responsibility of what happened on his server (which for all intents and purposes means he did it - whatever he claims). But wait. Conrad makes it clear that no case about bogus directory listings was ever brought against Topsites or Somnath Bharti. The one case in US that Somnath Bharti did settle out of court was not a criminal case. So what accountability does Rahul Kanwal actually want?
Spam is not illegal in India. No one complained about his supposedly fraudulent business practices that were the cause of the original expose Conrad did and he states it clearly himself. We could whine about the porn listings, but the IT Act and IT Rules didn't exist when the expose was done. In any case, the sites are gone, and in the random chance they still exist, Rahul Kanwal can complain and get any problematic listings taken out. So why is everyone hearing about how an MLA is into porn as business, "world's top spammer" etc? That too present tense implied for the most part? Never mind. Answer the courts. I can't imagine Somnath Bharti letting this go. I wouldn't.
Now here is the cinching part. Spamming is ugly, we all hate it, it isn't ethical, etc etc. In India, spamming is not illegal. So I have no idea what proof Rahul Kanwal is showing to Kejriwal that he is talking about in the beginning of the show.
Basically, here you have a journalist targeting a political personality with invitees from supporters of competing political parties and one ex-member with a grudge, in a pre-election mood and have left knowledge of internet laws and facts to the wind. I mean seriously, does one believe "internet expert" Madhu Kishwar opining on a directory listing for porn as "making a living" from porn? This is a political soap opera with a "novelty" theme at best.
Highly suggest that Rahul Kanwal leave tech reporting to techies.
If you landed up on this page, it is likely because you received an email notification to remove content within 36 hours of the IT Rules being passed. This page attempts to explain what's up.
You and your website/blog have just become a part of an unprecedented experiment with proposed laws. A test drive of the proposed law (rules, in this case) to see how they would play out if they were passed as proposed. We believe that it is more scientific and result oriented than arbitrary law making thinking that it would be useful.
If you got that email, you got it with reference to a specific url. If the rules were passed in the Parliament, that email would be sufficient for you to be legally required to remove the content specified within 36 hours of receiving it.
I know you think that your content is not legal. That is not relevant to these rules. These rules simply say that anyone can complain about content directly for it to be taken out.
We do think it is a bad idea, which is why this experiment to demonstrate how it could be. You can read more about Operation India and participate to spread awareness and build awareness that will not allow these rules to be passed, saving your content, and that of many unsuspecting others like you, our fundamental rights to free speech.
Now that you have got the email, what do you do?
Here are your choices:
Nothing. Do nothing. Nothing will happen to your content or you. This is a test drive, no one is persecuting you, though they *could* when the rules get passed.
Join in. If you believe that it is important that people realize the destructive potential of the proposed rules, participate in Operation India, and mark your content as described in the post. You could go two steps ahead and publish any letters for taking down content that you get and any letters for taking down content that you send.
Here's to hoping that you never get a real email like that.